The information that Mr. Teso however did not address in his doomsday Hack In The Box presentation of mobile phones hacking in-flight systems and crashing aircraft are this … the systems he hacked, while ‘real’ for flight simulator training are not the actual systems installed on aircraft. Simulator software mimics the real world allowing pilots to train under many scenarios and constantly stay up to date, but these systems do not come with multiple security redundancies, nor are they connected to ‘the system’ in the same way the software would be in service on a real flying aircraft. In short, the software Mr. Teso hacked is not certified to work with fight hardware systems by any aviation authority in the world.

A factor Mr. Teso also failed to address, as he used his Android phone application to wreak havoc on the flight software, is this … the ability for a pilot to switch to manual, override the system, and fly the aircraft without using the flight computer inputs. Should an aircraft’s flight system put the aircraft in a dive towards the center of the city a pilot at the controls would be able to stop all of that, bring the aircraft level and continue flying safely and normally doing what they were trained to do as a pilot.

Finding vulnerabilities in aircraft flight systems is important, but there are many factors in place to seek out command errors, both on board the aircraft and in the air traffic control towers that would prevent a mobile phone, or outside system, from hacking into an in-flight computer and bringing down the plane.

You may hit some rough air and spill your drink as you fly from place to place, but that will be the work of Mother Nature, not the work of a hacker taking over your flight.

No sit back, relax, take out your phone (in Airplane Mode) if your flight has wifi, and enjoy your trip.

Pingbacks

[…] Back in early April 2013 Hugo Tess, a German IT Security Consultant, made the claims that he was abl…. The problem with Mr. Tess’ claims were that while he did hack a real in-flight computer system, it was a replica in an ground based simulator for flight training, and as such the flight system computer does not have the same security features as those found on board an aircraft. […]

Comments

Two quick comments on your post. Before I do though, I was in the flight simulation industry for more than 20 years, working for both Boeing and the world’s leading flight simulator manufacturers, and even helped launch the world’s first 777 flight simulator while working for Boeing’s flight simulator group. In other words, I know the hardware and I know the code. I was a technical guy and them moved into PM.

First comment: You say” Simulator software mimics the real world allowing pilots to train under many scenarios and constantly stay up to date, but these systems do not come with multiple security redundancies, nor are they connected to ‘the system’ in the same way the software would be in service on a real flying aircraft. ”

That’s only partially true. In fact, on the 777 flight simulators we used the exact AIMS (flight control) software that was used in the airplane. Identical. We downloaded it straight from Boeing engineering. Now the software that interfaces with that AIMS software was custom simulator code to actually move the hydraulic controls, etc. There are no “extra redundancies” – the simulator has to act exactly as the aircraft does or we’d never get FAA Level D certified (Level D is the highest certification – meaning you can get fully qualified on an aircraft without ever stepping foot in a real one).

Second: You say: “Should an aircraft’s flight system put the aircraft in a dive towards the center of the city a pilot at the controls would be able to stop all of that, bring the aircraft level and continue flying safely and normally doing what they were trained to do as a pilot.”

Again, partially true. While the pilots can certainly fly manually, most of the modern flight control systems are now “fly by wire” as I’m sure you know. That means there’s both electrical (or fiber) systems and software in between the controls and the actual flight control surfaces. Anytime there’s software, there’s the potential for something to go wrong.

I’m not saying the gist of your blog post is incorrect – in fact the person who discovered the “vulnerability” admitted it wasn’t entirely real-world (of course the media ignored that part), but he did bring up some valid points for investigation.

About Me

Fish has been covering aviation and transportation security issues since September 15, 2001, after walking away from Ground Zero in Lower Manhattan following four days of documenting the worst aviation security disaster in history.

Having spent more than a decade-and-a-half as a full-time photojournalist, Fish now divides his time between building social media and social commerce strategies and solutions for global travel brands, along with researching aviation and transportation security.

Growing up at the end up New York's JFK International Airport's Runway 4R/22L probably explains Fish’s enjoyment of watching planes fly overhead. When not working or shooting photos, Fish can be found playing with (and cleaning up after) his three kids, chasing his dogs, standing in the kitchen cooking, monitoring radios public safety and federal radios and of course cheering for the Red Sox.

You can find Fish on Twitter at @flyingwithfish …and … join Fish every Thursday at 3:30pm EST as he hosts the weekly #TNI #Travel Chat on Twitter.